As the use of the internet to perform business and financial transactions matures, so does the threat of fraud against those processes. The attack upon financial institutions has increased significantly since online applications have become available for users to view account data and perform actions upon their accounts. The primary threat to customers continues to become more prominent as hackers refine their skills of compromising customer credentials through complex hacking operations.
Fraudsters have become quite prolific in tricking individuals into giving up their private credential information through social engineering. In other words, taking advantage of common social scenarios by posing as an authorized participant with the expectation of tricking a person into sharing sensitive information. Most commonly, individuals have fallen victim to ‘phishing’ scams. For example, an individual is tricked by an email that looks to have been sent from a financial institution of whom the individual is a customer. In the email, there is a link to a malicious website that has been branded to look as if it is the home page of the financial institution. Believing that it is the correct website location, the individual enters his or her private information, which is collected by the fraudster. The fraudster will then use those credentials to login to the individual's account on the website home page of the real financial institution.
In addition to phishing, financial institutions have recently become victimized by the recent trend toward botnets. Botnets, also referred to as Remote Access Trojans (RATS), are sophisticated computer software applications that run on an unprotected personal computer (PC). Many times, these Trojans will include a key-logger, which collects credentials for online access to individuals' accounts when a browser is directed to a subset of financial institutions. Thus, there is a rise in activity of automated attacks against the online presence of financial institutions.
Credentials for online access that have been compromised typically go through a life cycle in the “black market.” The credentials are validated after they are stolen. The fraudster will login using the credentials simply to verify the credentials are correct. Typically, they are then used again to login to the victim's account to get an understanding of the available assets on the account for fraud. The credentials are then commonly sold, possibly to multiple buyers. This, coupled with the continuation of this life cycle into multiple logins by the final purchasers, produces a pattern of multiple accesses after a credential set is stolen. Also, these authentication requests are typically grouped into a batch process sharing one browser session.
There is a need to leverage this patterning to further protect customers of financial institutions, for example, who may otherwise fall victim to fraud.
Thus, there is a need for a system and method that is capable of more completely identifying the subset of a customer base who has fallen victim to these social engineering threats. In addition, there is a need for a method that provides data that can be used to identify additional channels, such as Internet Service Providers, IP addresses, and physical locations, where fraud may be unknowingly originating.